The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. Date published : 2008-10-29 http://drupal.org/node/318706...
The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. Date published : 2008-10-29 http://drupal.org/node/318706 http://www.openwall.com/lists/oss-security/2008/10/21/7
The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." Date published...
Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar, which allows remote attackers to spoof the address bar via a URL with a domain name that differs from an important...
Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many (Non-Blocking Space character) sequences, which are rendered as whitespace,...
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter. Date published : 2008-10-29 http://www.securityfocus.com/bid/31948 https://www.exploit-db.com/exploits/6852
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-10-29 http://www.securityfocus.com/bid/31940 https://www.exploit-db.com/exploits/6849
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php. Date published :...
tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin." Date published : 2008-10-29 http://www.securityfocus.com/bid/31939 https://www.exploit-db.com/exploits/6848
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. Date published : 2008-10-29 https://www.exploit-db.com/exploits/6854 http://secunia.com/advisories/32431
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter. Date published : 2008-10-29 http://www.securityfocus.com/bid/31942 https://www.exploit-db.com/exploits/6850
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter. Date published : 2008-10-29...
Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file. Date published : 2008-10-29 http://www.securityfocus.com/bid/31913 https://www.exploit-db.com/exploits/6831
SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action. Date published : 2008-10-29 http://www.securityfocus.com/archive/1/490886/100/0/threaded https://www.exploit-db.com/exploits/5414